Code4rena (code423n4): CODE423N4:2022-01-NOTIONAL-FINDINGS-ISSUES-68
Jan 29, 2022 - 12:00 a.m.

Cooldown and redeem windows can be rendered useless.

Code4rena
github.com
account security
redeem window
cooldown period
flash loan
protocol election manipulation

Handle

ShippooorDAO

Vulnerability details

Impact

Cooldown and redeem windows can be rendered useless.

Proof of Concept

  • Given an account that has not staked sNOTE.
  • Account calls sNOTE.startCooldown
  • Account waits for the duration of the cooldown period. Redeem period starts.
  • Account can then deposit and redeem as they wish, making the cooldown useless.
  • Multiple accounts could be used to “hop” between redeem windows by transferring between them, making the redeem window effectively useless.

Could be used for voting power attacks using flash loans if the voting process is not monitored:
<https://www.coindesk.com/tech/2020/10/29/flash-loans-have-made-their-way-to-manipulating-protocol-elections/>

Tools Used

  • Eyes
  • Brain
  • VS Code

Recommended Mitigation Steps

A few ways to mitigate this problem:
Option A: Remove the cooldown/redeem period, as it's not really preventing much in its current state.
Option B: Let the contract start the cooldown on mint, and bind the cooldown/redeem window to the amount that was minted at that time by the account. Don't make sNOTE.startCooldown() available externally. Redeem should verify the amount of tokens available using this new logic.
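
The difference between the reported flow and Option B can be seen in a small state model. This is an added example, not code from the sNOTE contract or from the finding's author; the class names, the `alice` account and the cooldown and window durations are constructed for illustration.

```python
COOLDOWN, WINDOW = 15 * 86400, 3 * 86400  # constructed durations in seconds

def in_window(start, now):
    return start is not None and start <= now < start + WINDOW

class AccountCooldown:
    """Flow from the finding: the window is tied to the account, not to a balance."""
    def __init__(self):
        self.balance, self.window_start = {}, {}
    def start_cooldown(self, acct, now):  # callable while holding nothing
        self.window_start[acct] = now + COOLDOWN
    def mint(self, acct, amount, now):
        self.balance[acct] = self.balance.get(acct, 0) + amount
    def redeem(self, acct, amount, now):
        if not in_window(self.window_start.get(acct), now):
            raise ValueError("outside redeem window")
        if amount > self.balance.get(acct, 0):
            raise ValueError("insufficient balance")
        self.balance[acct] -= amount

class MintBoundCooldown:
    """Option B: every mint starts its own cooldown; nothing external starts one."""
    def __init__(self):
        self.tranches = {}  # acct -> list of [amount, window_start]
    def mint(self, acct, amount, now):
        self.tranches.setdefault(acct, []).append([amount, now + COOLDOWN])
    def redeemable(self, acct, now):
        return sum(a for a, s in self.tranches.get(acct, []) if in_window(s, now))
    def redeem(self, acct, amount, now):
        if amount > self.redeemable(acct, now):
            raise ValueError("amount not covered by matured mints")
        for tranche in self.tranches[acct]:
            if in_window(tranche[1], now):
                used = min(tranche[0], amount)
                tranche[0] -= used
                amount -= used

def round_trip_in_window(model):
    """True if tokens minted at time t can be redeemed at that same t."""
    if hasattr(model, "start_cooldown"):
        model.start_cooldown("alice", 0)  # cooldown started with zero balance
    t = COOLDOWN  # first second of alice's redeem window
    model.mint("alice", 100, t)
    try:
        model.redeem("alice", 100, t)
    except ValueError:
        return False
    return True
```

The model leaves transfers out; an implementation of Option B also has to decide how a transfer treats the sender's tranche windows, since the proof of concept relies on moving balances between accounts.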

